Linux/Moose Worm Targets Routers, Modems, and Embedded Systems

An anonymous reader writes: Security firm ESET has published a report on new malware that targets Linux-based communication devices (modems, routers, and other internet-connected systems) to create a giant proxy network for manipulating social media. It's also capable of hijacking DNS settings. The people controlling the system use it for selling "follows," "likes," and so forth on social media sites like Twitter, Instagram, Vine, Facebook, and Google+. Affected router manufacturers include: Actiontec, Hik Vision, Netgear, Synology, TP-Link, ZyXEL, and Zhone. The researchers found that even some medical devices were vulnerable to the worm, though it wasn't designed specifically to work with them.

No worries mate

The Moose worm does not rely upon any underlying vulnerability in the routers – it is simply taking advantage of devices that have been weakly configured with poorly chosen login credentials.

Re:No worries mate

[cusco]

The simple fact that you can leave the device with a default password encompasses several levels of stupidity. 1) Programmers who do not require password to be changed, 2) Manufacturers who will install that firmware, 3) Customers who leave it that way. Level 3 shouldn't even be possible except for stupidity and laziness in Level 1 and 2.